Currency:
Legal

Privacy Policy

We take your privacy seriously. Here's exactly what data we collect, why, and your rights over it.

Effective date: February 2026  ·  Last updated: February 2026

We collect minimal data

We only collect what is necessary to operate the service. We do not sell your data.

You are in control

You can request access, correction, or deletion of your personal data at any time.

No selling of data

We never sell, rent, or trade your personal information to third parties for marketing.

1. Data We Collect

We collect different types of data depending on how you use the site:

Browsing Data

We collect standard server logs including IP address, browser type, pages visited, and referring URL. This data is used solely for security and aggregate analytics.

Patient Story Submissions

When you submit a patient story, we collect your name, cost information, procedure details, and a verification photo. This data is stored securely and published only after moderation approval.

Preference Cookies

We store your currency preference and dark mode setting in a cookie or session. No tracking or advertising cookies are used.

2. How We Use Your Data

  • To operate and improve the platform, including displaying verified patient stories.
  • To prevent spam, fraud, and abuse — particularly for patient story moderation.
  • To honour your currency and display preferences across sessions.
  • To respond to support requests or editorial corrections you contact us about.
  • To comply with legal obligations, if required by applicable law or a valid legal process.

3. Data Retention

Server logs are retained for up to 90 days. Patient story data (including photos) is retained as long as the story is published on the platform. If a story is deleted or rejected, associated personal data is purged within 30 days.

4. Data Sharing

We do not sell or rent your personal data. We may share data with:

  • Cloud infrastructure providers — for hosting and file storage (e.g. object storage for uploaded photos), under strict data processing agreements.
  • Analytics services — only aggregate, anonymised analytics — no personally identifiable information.
  • Legal authorities — only when required by a valid court order or legal obligation, and only to the extent required.

5. Your Rights

Depending on your jurisdiction (including GDPR for EU residents), you may have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ('right to be forgotten').

Right to Object

Object to processing of your data for certain purposes.

Data Portability

Receive your data in a structured, machine-readable format.

Withdraw Consent

Withdraw consent for any processing based on consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Security

We use industry-standard security practices including HTTPS encryption, secure cloud storage for uploaded files, and access controls to limit who can view personal data internally. However, no system is 100% secure and we cannot guarantee absolute security.

7. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will always reflect the most recent revision. For significant changes, we will add a notice on the site.